CERTA-2004-AVI-223

Vulnerability from certfr_avis - Published: - Updated:

Two vulnerabilities in MySQL allow a malicious user to bypass the authentication mechanism.

Description

MySQL is an open source database server.
The first vulnerability allows a malicious user to bypass the password authentication mechanism.
The second vulnerability allows a malicious user to trigger a memory overflow in the authentication mechanism.

Solution

  • MySQL version 4.1.3 fixes these vulnerabilities;
  • MySQL version 5.0 will fix these vulnerabilities.

MySQL can be downloaded from the following address:

http://www.mysql.com/downloads/
Impacted products
Vendor Product Description
Oracle MySQL MySQL 5.0.
Oracle MySQL All MySQL versions in the 4.1 branch prior to version 4.1.3.

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "MySQL 5.0.",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Toutes les versions de MySQL de la branche 4.1 ant\u00e9rieures \u00e0 la version 4.1.3 ;",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nMySQL est un serveur de base de donn\u00e9es open source.  \nUne premi\u00e8re vuln\u00e9rabilit\u00e9 permet \u00e0 un utilisateur mal intentionn\u00e9 de\ncontourner le m\u00e9canisme d\u0027authentification par mot de passe.  \nUne seconde vuln\u00e9rabilit\u00e9 permet \u00e0 un utilisateur mal intentionn\u00e9 de\nd\u00e9clencher un d\u00e9bordement de m\u00e9moire dans le m\u00e9canisme\nd\u0027authentification.\n\n## Solution\n\n-   La version de MySQL 4.1.3 corrige ces vuln\u00e9rabilit\u00e9s ;\n-   la version de MySQL 5.0 corrigera ces vuln\u00e9rabilit\u00e9s.\n\nMySQL est t\u00e9l\u00e9chargeable \u00e0 l\u0027adresse suivante :\n\n    http://www.mysql.com/downloads/\n",
  "cves": [],
  "links": [
    {
      "title": "Site Internet de MySQL :",
      "url": "http://www.mysql.com"
    }
  ],
  "reference": "CERTA-2004-AVI-223",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2004-07-06T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire possible"
    },
    {
      "description": "Contournement du m\u00e9canisme d\u0027authentification"
    }
  ],
  "summary": "Deux vuln\u00e9rabilit\u00e9s de MySQL permettent \u00e0 un utilisateur mal intentionn\u00e9\nde contourner le m\u00e9canisme d\u0027authentification.\n",
  "title": "Vuln\u00e9rabilit\u00e9 de MySQL",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 NGS Research du 01 juillet 2004",
      "url": "http://www.nextgenss.com/advisories/mysql-authbypass.txt"
    }
  ]
}

